Deep research into cyber security threat patterns has revealed some trends in hackers’ behaviour that are worth noting. Studies show that cyber criminals are moving away from using malicious code to gain entry into their victims’ systems. More and more credential theft cases are coming to light, indicating that hackers now bait victims through phishing emails that cause them to divulge their credentials either voluntarily or by trickery.
Why are credential theft cases on the rise?
Phishing has become the most used method in credential theft cases, making up 57% of scam messages. Malware-infected payloads are becoming less common, making up just 12% of overall email scam messages.
The first reason why hackers are starting to prefer stealing credentials through phishing emails is that phishing is relatively harder to detect. If there’s no malicious payload attached to an email, it likely won’t be flagged by email protection tools. Because phishing depends largely on the emotional engagement of its victims to work, hackers are especially keen on reaching a large volume of users. Most phishing campaigns are launched with a “whoever bites” attitude, and the chances of someone falling into the trap are greater if the phishing emails reach a greater number of potential victims.
Moreover, phishing is extremely cheap. Hackers can easily maintain spoofed webpages and fraudulent websites to bait their victims. They can quickly shift to a different architecture / hosting if they’re found out and shut down. This makes it harder for them to be caught as they can jump from IP to IP and website address to address. Getting their hands on a bulk email service is not that expensive either.
How do hackers steal your credentials using phishing?
The goal of phishing, simply put, is to get you to interact with a fake email message, and elicit an emotional response from you. There are a couple of techniques hackers use to exploit your vulnerable and excitable state while reading the fake email.
These techniques revolve around either fear or happiness. Hackers put fear in you by sending you emails with subject lines and content like, “Your account has been blocked!” or, considering the current scenario, “Your locality is a Covid zone!” In complete panic, you click on the phishing link in the email body. The link takes you to a spoofed page, where you are asked to enter your credentials to unlock more information.
On the other hand, some phishing ruses also promise you great gains and monetary benefits. The Rocky Hills Award case was one such case where victims were promised a spectacular award and they just needed to ‘sign up for it’ to be eligible for it.
7 Steps to Prevent Credential Theft Cases in Your Organization
Like the attack itself, the preventive measures too are people-centric. If employees in your organization are cyber aware and diligently follow simple steps when suspicious, a majority of credential theft attempts will fail. The following are some preliminary steps that ward off credential theft cases.
1. Look through the email body multiple times to spot any inconsistencies in logos, spelling mistakes, bad grammar, and generic salutations.
2. Hover over the links in emails to find out the URLs that they point to. If there’s a disconnect between the page the email promises to take you to and the URL, do not click on the link.
3. Look out for minute indications of a spoofed URL, like the usage of 0 (zero) instead of ‘O’ or epsilon characters instead of ‘e’s etc.
4. If you do land up on the page, check for signs of a dummy page which include improper branding, unnecessary input fields (for instance, why do they need your payment information to unlock your account?) and similar language and wording issues as in the email.
5. Switch up your passwords frequently and don’t use the same passwords for two purposes.
6. If you get a sense the email is valid, type out the URL of the website manually in a separate browser window, and then navigate to the Account login section instead of clicking on the email link.
7. Familiarize yourself with social engineering to spot obvious phishing ruses.
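Steps 2 and 3 can also be checked automatically on the HTML body of a suspicious email. The Python sketch below is an added example, not Logix or Cisco code; the `EXPECTED` allowlist, the function names and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domains your organisation expects in mail (constructed values).
EXPECTED = {"example.com"}
SWAPS = str.maketrans("01", "ol")  # digit-for-letter swaps from step 3

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    url = value if "://" in value else "//" + value
    return re.sub(r"^www\.", "", (urlsplit(url).hostname or "").lower())

def check_link(href, text):
    """Return warning labels for one link (steps 2 and 3 of the list)."""
    findings, host = [], host_of(href)
    looks_like_url = re.fullmatch(r"(https?://)?[\w.-]+\.\w{2,}(/\S*)?", text)
    if looks_like_url and host_of(text) != host:
        findings.append("text-mismatch")    # step 2: shown URL != real target
    if not host.isascii() or "xn--" in host:
        findings.append("non-ascii-host")   # step 3: look-alike characters
    if host not in EXPECTED and host.translate(SWAPS) in EXPECTED:
        findings.append("digit-lookalike")  # step 3: 0 for o, 1 for l
    return findings

def scan(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample body, not taken from a real message.
SAMPLE = ('<a href="https://examp1e.com/unlock">https://example.com/unlock</a>'
          '<a href="https://example.com/help">Help centre</a>'
          '<a href="https://xn--exmple-cua.com/">Sign in</a>')
```

Calling `scan(SAMPLE)` returns a dictionary keyed by link target; an empty list means none of the three checks fired, which is not proof that the link is safe.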
Fortify your email with intelligent scanning
Like we said, phishing emails are harder to detect if they don’t have a malicious payload. But Logix has email threat prevention services which can scan the email content to detect a phishing attempt. Our Cisco Email ATP is powered by AI Talos Intelligence, which scans every incoming email against reputation scores and email content, and tests it against its set of rules. If the email fails these tests, it is immediately flagged, keeping your inbox safe from potential thefts. Technology is evolving. Why not evolve with it?